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DETAILED ACTION 

This action is in response to tlie remarks and amendments filed January 
30. 2006. 

Claims 1-6 are cancelled by the Applicant. Claims 7-36 are herein 
considered. 

REQUIREMENT FOR INFORMATION 

Applicant and the assignee of this application are required under 37 CFR 
1 .105 to provide the following information that the examiner has determined is 
reasonably necessary to the examination of this application. 

In response to this requirement, please state the specific improvements of 
the subject matter in claims 7-36 over the disclosed prior art as listed on the 
Applicant's Information Disclosure statements filed January 30, 2006 and 
indicate the specific elements in the claimed subject matter that provide those 
improvements. For those claims expressed as means or steps plus function, 
please provide the specific page and line numbers within the disclosure which 
describe the claimed structure and acts. 

In responding to those requirements that require copies of documents, 
where the document is a bound text or a single article over 50 pages, the 
requirement may be met by providing copies of those pages that provide the 
particular subject matter indicated in the requirement, or where such subject 
matter is not indicated, the subject matter found in applicant's disclosure. 
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This Office action has a requirement for information under 37 CFR 1.105. 
A complete reply to this Office action must include a complete reply to the 
requirement for information. The time period for reply to the requirement 
coincides with the time period for reply to this Office action. 

Response to Arguments 

Applicant's arguments filed January 30, 2006 have been fully considered 
but they are not persuasive. 

In response to the Applicant's remarks concerning the Examiner's 
previously set forth 37 CFR 1.75(c) objections to claims 2 and 16, the Examiner 
would like to bring to the Applicant's attention 37 CFR 1.75 (c) which clearly 
states: "One or more claims may be presented in dependent form, referring back 
to and further limiting another claim or claims in the same application." The 
Examiner would also like to refer back to the previous action in which it her 
reasons for objection were clearly stated. Page 2 of the previous office action 
clearly states "claims 2 and 16 are objected to as being of improper dependent 
forni for failing to further limit the subject matter of a previous claim." The 
applicant has canceled claim 2. Claim 16 however, remains objected to. 
Although the Applicant argues that claims 12-15 are properly read as not 
requiring the server to operate as a proxy, it would have been obvious to a 
person of ordinary skill in the art at the time the invention was made to include 
proxy capabilities within the server of claims 12-15. If it is the Applicant's 
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intention to limit claims 12-15 as to nof include proxy capabilities, it should be 
clearly stated. 

In response to the Applicant's allegations that Lin fails to fully teach the 
limitations of claims 7-9, 12-17, 19-22, and 24-34, the Examiner respectfully 
disagrees. A recitation of the intended use of the claimed invention must result in 
a structural difference between the claimed invention and the prior art In order to 
patentably distinguish the claimed invention from the prior art. If the prior art 
structure is capable of performing the intended use, then it meets the claim. 
Applicant's arguments fail to comply with 37 CFR 1 . 1 1 1 (b) because they amount 
to a general allegation that the claims define a patentable invention without 
specifically pointing out how the language of the claims patentably distinguishes 
them from the references. Applicant's arguments do not comply with 37 
CFR 1 .1 1 1(c) because they do not clearly point out the patentable novelty which 
he or she thinks the claims present in view of the state of the art disclosed by the 
references cited or the objections made. Further, they do not show how the 
amendments avoid such references or objections. 

In response to the Applicant's allegations that Berger fails to fully teach 
the limitations of claims 8-36, the Examiner respectfully disagrees. A recitation of 
the Intended use of the claimed Invention must result in a structural difference 
between the claimed invention and the prior art in order to patentably distinguish 
the claimed invention from the prior art. If the prior art structure is capable of 
performing the intended use. then it meets the claim. Applicant's arguments fail 
to comply with 37 CFR 1 . 1 1 1 (b) because they amount to a general allegation that 
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the claims define a patentable invention without specifically pointing out how the 
language of the claims patentably distinguishes them from the references. 
Applicant's arguments do not comply with 37 CFR 1 .1 1 1(c) because they do not 
clearly point out the patentable novelty which he or she thinks the claims present 
in view of the state of the art disclosed by the references cited or the objections 
made. Further, they do not show how the amendments avoid such references or 
objections. 

In response to the Applicant's allegations that Berger and Lin could not be 
combined in order to reject claims 8-36 under 35 USC 103, the Examiner has not 
presented a prima facie case of obviousness because there were no 103 
rejections made. However, if in the future there presents itself a reason to 
combine the references, the Examiner will at that point examine bother 
references in terms of one another and present a prima facie case of 
obviousness if one exists. 

Therefore, based on the above arguments, the Examiner maintains the 35 
USC 102 rejections as set forth in the previous office action. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this 
Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent in 
the United States. 
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Claims 7-9, 12-17, 19-22, and 24-34 are rejected under 35 
U.S.C. 102(b) as being anticipated by Lin et al. (U.S. Patent No. 6,052,785). 

As per claim 7, Lin discloses a network storage access controller 
comprising: 

a) a first network interface coupleable to an initiator network accessible by a 
plurality of network clients to exchange first network data, wherein said first 
network data contains unencrypted media-level storage data (remote data 
repositories); 

b) a second network interface coupleable to a target network through which a 
plurality of network storage volumes are accessible to exchange second network 
data, wherein said second network data contains encrypted media-level storage 

* 

data (remote data repositories); and 

c) a controller coupled between said first and second network interfaces 
operative to convert between said first and second network data, said controller 
including a crypto processor to encrypt and decrypt media-level storage data 
contained in said first and second network data (CRYPTOPS) (col. 3 lines 52-63; 
col.5 line 57 thru col.6 line 24; col.7 lines 55-57). 

As per claim 8, Lin discloses the network storage access controller of 
claim 7 wherein said controller includes a plurality of crypto keys having 
predetermined association with said plurality of network storage volumes and 
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wherein said controller is operative to selectively apply said plurality of crypto 
keys to convert between said first and second network data (col.3 lines 48- 
51 ;col.7 lines 48-57). 



As per claim 9, Lin discloses the network storage access controller of 
claim 8 wherein said first and second network data includes predetermined 
network data packets that encapsulate media-level storage data, wherein said 
controller is operative to process encapsulated media-level storage data through 
said crypto processor selectively associated with a predetermined one of said 
crypto keys (col.5 line 57 thru col.6 line 23; col.7 lines 48-57). 

As per claim 12, Lin discloses a network storage controller supporting 
client access to network attached data storage, said netvvcrk controller being 
coupleable in a communications network between a plurality of client computers 
and a plurality of data stores, wherein said network storage controller provides 
for the transfer of network data between said client computers and said data 
stores, wherein said network data includes media-level data and wherein said 
network access controller provides for the selective encryption and decryption of 
said media-level data transferred with respect to said plurality of data stores 
(col.3 lines 52-63; col.5 line 57 thru col.6 line 24). 

As per claim 13, Lin discloses the network storage controller of claim 12 
wherein the transfer of network data between said client computer and said data 
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stores is directed subject to an access management policy autonomously 
implemented by said network storage controller (col.6 lines 25-36). 

As per claim 14, Lin discloses the network storage controller of claim 13 
wherein said access management policy defines a correspondence between said 
data stores and a plurality of encryption keys stored by said network storage 
controller (col.6 lines 38-49). 

As per claim 15, Lin discloses the network storage controller of claim 14 
wherein said access management policy defines a correspondence of data 
access permissions between users and said data stores (col.6 lines 38-49). 

As per claim 16, Lin discloses the network storage controller of claim 12 
wherein said network storage controller provides for the proxy transfer of network 
data between said client computers and said data stores (col. 3 lines 52-63; col. 5 
line 57 thru col.6 line 24). 

As per claim 17, Lin discloses a network media access controller 
configures as a network proxy portal to provide storage security for clients with 
respect to network attached storage devices, said network media access 
controlled comprising a network data processor (server) coupleable between an 
initiator network (clients) and a target network (remote storage units) to provide 
for the proxy transfer of predetermined network protocol data packets containing 
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media-level data between said initiator (client) and target (storage) networks, 
said network data processor being operative to selectively process said 
predetermined network protocol data packets to encrypt and decrypt media-level 
data (col.3 lines 52-63; col.5 line 57 thru col.6 line 24). 

As per claim 19, Lin discloses the network media access controller of 
claim 17 wherein said network data processor includes a plurality of encryption 
keys and wherein network data processor selectively processes said 
predetermined network protocol data packets based on a predefined 
correspondence between said plurality of encryption keys and a plurality of target 
storage resources accessible via said target network (col.3 lines 52-63; col.5 line 
57 thru col.6 line 24). 

As per claim 20, Lin discloses the network media access controller of 
claim 19 wherein said predefined correspondence supports a proxy mapping of a 
plurality of virtual target storage devices accessible via said initiator network by a 
plurality of client computer systems to said plurality of target storage resources 
accessible via target network (col.5 lines 4-13). 

As per claim 21, Lin discloses the network media access controlled of 
claim 20 wherein said predefined correspondence is associated with said 
plurality of virtual target storage devices (col.5 lines 4-1 3). 
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As per claim 22, Lin discloses the network media access controlled of 
claim 21 wherein said network data processor implements a data packet filter 
(file system gateways) to selectively provide for the proxy transfer of 
predetermined network protocol data packets (col.6 lines 25-36). 

As per claim 24, Lin discloses a method of providing secure storage of 
data over a network connection, said method comprising the steps of: 

a) first processing network data packets, transferred over a network between a 
client computer system and a storage system, to identify predetemiined network 
data packets containing media-level data; 

b) second processing said predetermined network data packets to encrypt the 
media-level data contained in said predetermined network data packets being 
transferred to said storage system and to decrypt the media-level data contained 
in said predetermined network data packets being transferred to said client 
computer system (col.3 lines 52-63; col.5 line 57 thru col.6 line 24). 

As per claim 25, Lin discloses the method of claim 24 wherein said 
storage system includes a plurality of storage resources and wherein said step of 
first processing determined a target storage resource from a predetermined 
network data packet, said method further comprising the step of selecting an 
encryption key corresponding to said target storage resource for use in 
connection with said second processing step with respect to said predetermined 
network data packet (col.5 line 57 thru col.6 line 23; col.7 lines 48-57). 
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As per claim 26, Lin discloses the method of claim 25 further comprising 
the step of selectively filtering (with file system gateways) network data packets 
permitted to be transferred over said network between said client computer 
system and said storage system (col.6 lines 25-36). 

As per claim 27, Lin discloses the method of claim 26 further comprising 
the steps of: 

a) providing a plurality of virtual storage resources as target storage resources 
for said client computer system (col. 5 lines 4-13); and 

b) providing a mapping of said plurality of virtual storage resources to said 
plurality of storage resources wherein said mapping is used in said first 
processing step to transfer network data packets over said net.vork between said 
client computer system and said storage system (col.6 lines 25-59). 

As per claim 28, Lin discloses a method of managing the secure storage 
of data in a network attached storage system, said method comprising the steps 
of: 

a) establishing a network storage portal (server) through which network storage 
data packets are passed between a client computer system and a network data 

store; and 

b) crypto processing, on passage through said network storage portal, media- 
level data contained within network storage data packets to selectively encrypt. 
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at said networl^ storage portal, media-level data passed to said network data 
store and selectively encrypt, at said network storage portal, media-level data 
passed from said network data store (col.3 lines 52-63; col. 5 line 57 thru col.6 
line 24). 

As per claim 29, Lin discloses the method of claim 28 wherein said 
network data store Includes a plurality of network data store resources, said 
method further comprising the step of associating, at said network storage portal, 
media-level data encryption keys with said network data store resources to 
control the encryption and decryption of media-level data passed to and from 
said plurality of network data store resources (col.3 lines 52-63; col.5 line 57 thru 
col.6 line 24). 

As per claim 30, Lin discloses the method of claim 29 further comprising 
the step of providing, at said network storage portal, for the management of a 
defined key correspondence between said plurality of media-level data 
encryption keys and said plurality of network data store resources (col.5 line 
51thru col.6 line 24). 

As per claim 31, Lin discloses the method of claim 30 further comprising 
the steps of: 
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a) presenting, at said network storage portal, a plurality of virtual network data 
storage resources to said client computer system as targets for network storage 
data packets; and 

b) mapping, at said network storage portal, said plurality of virtual network data 
store resources to said plurality of network data store resources, wherein said 
step of providing further provides for the management of a defined map 
correspondence between said plurality of virtual network data storage resources 
to said plurality of network data storage resources (col.6 lines 25-59). 

As per claim 32, Lin discloses the method of claim 31 further comprising 
the step of filtering, at said network storage portal, the network storage data 
packets passed between said client computer system and said network data 
store, wherein said step of providing further provides for the management of a 
filter rule set used in said filtering step to determine which network storage data 
packets are passed between said client computer system and said network data 
store (col.6 lines 25-36). 

As per claim 33, Lin discloses the method claim 32 wherein said step of 
providing supports access by a management server to establish said defined key 
correspondence, said defined map, and said filter rule set (credential 
management system and file system gateways) (col. 5 line 35 thru col.6 line 59). 
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As per claim 34, Lin discloses a networl< media access controller 
comprising: 

a) an initiator network interface coupleable through a first network to a client 
initiator (client system) (col.5 lines 4-7); 

b) a target network interface coupleable through a second network to a storage 
target (remote file system) (col.5 lines 7-13); and 

c) a network data processor (server) coupled between said initiator and target 
network interfaces, wherein said client initiator and storage target communicate 
storage data over said first and second networks using a data transfer protocol 
(SSL/SHTTP) encapsulated by a network communications protocol (TCP/IP), 
wherein said data transfer protocol provides for the storage and retrieval of 
media-level data, wherein said network data processor (server) is operative to 
transfer network data packets conforming to said network communications 
protocol between said initiator and target network interfaces, said network data 
processor being further operative to selectively encrypt an decrypt media-level 
data contained within network data packets transferred between said initiator and 
target network interfaces (CRYPTOPS) (col.3 lines 52-63; col.5 line 57 thru col.6 
line 24). 

Claims 7-36 are rejected under 35 U.S.C. 102(b) as being anticipated 
by Berger et al. (U.S. Patent No. 5,850,446) 
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As per claim 7, Berger discloses a networl< storage access controller 

comprising: 

a) a first network interface coupleable to an initiator network accessible by a 
plurality of network clients (customers/merchants) to exchange first network data, 
wherein said first network data contains unencrypted media-level storage data; 

b) a second network interface coupleable to a target network through which a 
plurality of network storage volumes (hosts/virtual circuits) are accessible to 
exchange second network data, wherein said second network data contains 
encrypted media-level storage data; and 

c) a controller (gateway) coupled between said first and second network 
interfaces operative to convert between said first and second network data, said 
controller including a crypto processor (2120) to encrypt and decrypt media-level 
storage data contained in said first and second network data (col.6 line 58-col.7 
line 16; Abstract; Figs 21 A, 22). 

As per claim 8, Berger discloses the network storage access controller of 
claim 7 wherein said controller includes a plurality of crypto keys having 
predetermined association with said plurality of network storage volumes and 
wherein said controller is operative to selectively apply said plurality of crypto 
keys to convert between said first and second network data (col. 14 lines 1-26, 
52-58). 
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As per claim 9, Berger discloses the network storage access controller of 
claim 8 wherein said first and second network data includes predetemiined 
network data packets that encapsulate media-level storage data, wherein said 
controller is operative to process encapsulated media-level storage data through 
said crypto processor selectively associated with a predetemnined one of said 
crypto keys (col. 15 lines 1-26, 52-58). 

As per claim 10, Berger discloses the network storage access controller 
of claim 9 wherein said predetemiined network data packets encapsulates SCSI 
protocol data (col.3 lines 31-43; col.124 lines 15-40). 

As per claim 11, Berger discloses the network storage access controller 
of claim 1 0 wherein said predetermined network data packets conform to the 
iSCSI protocol (col.3 lines 31-43; col.124 lines 15-40). 

As per claim 12, Berger discloses a network storage controller (gateway) 
supporting client (customer/merchant) access to network attached data storage 
(hosts/virtual storage), said network controller being coupleable in a 
communications network between a plurality of client computers and a plurality of 
data stores, wherein said network storage controller provides for the transfer of 
network data between said client computers and said data stores, wherein said 
network data includes media-level data and wherein said network access 
controller provides for the selective encryption and decryption of said media-level 
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data transferred with respect to said plurality of data stores (col.6 line 58-col.7 
line 16; Abstract; Figs 21A, 22). 

As per claim 13, Berger discloses the network storage controller of claim 

12 wherein the transfer of network data between said client computer and said 
data stores is directed subject to an access management policy autonomously 
implemented by said network storage controller (gateway) (col. 122 lines 5-50). 

As per claim 14, Berger discloses the network storage controller of claim 

1 3 wherein said access management policy defines a correspondence between 
said data stores and a plurality of encryption keys stored by said network storage 
controller (gateway) (col. 122 lines 5-50). 

As per claim 15, Berger discloses the network storage controller of claim 

14 wherein said access management policy defines a correspondence of data 
access permissions between users and said data stores (col.41 lines 1-24). 

As per claim 16, Berger discloses the network storage controller of claim 
12 wherein said network storage controller provides for the proxy transfer of 
network data between said client computers and said data stores (col. 15 lines 
17-21). 
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As per claim 17, Berger discloses a network media access controller 
(gateway) configured as a network proxy portal to provide storage security for 
clients with respect to network attached storage devices (hosts/virtual circuits), 
said network media access controlled comprising a network data processor 
coupleable between an initiator network (customers/merchants) and a target 
network (host/secure financial databases) to provide for the proxy transfer of 
predetermined network protocol data packets containing media-level data 
between said initiator and target networks, said network data processor being 
operative to selectively process said predetennined network protocol data 
packets to encrypt and decrypt media-level data (col.6 line 58-col.7 line 16; 
Abstract; Figs 21 A, 22). 

As per claim 18, Berger discloses the network media access controller of 
claim 17 wherein said predetermined network protocol data packets to conform 
to the iSCSI protocol and wherein said media-level data is SCSI media data 
(col.3 lines 31-43; coL124 lines 15-40). 

As per claim 19, Berger discloses the network media access controller of 
claim 17 wherein said network data processor includes a plurality of encryption 
keys and wherein network data processor selectively processes said 
predetermined network protocol data packets based on a predefined 
correspondence between said plurality of encryption keys and a plurality of target 
storage resources accessible via said target network (col. 14 lines 1-26, 52-58). 
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As per claim 20, Berger discloses the network media access controller of 
claim 19 wherein said predefined correspondence supports a proxy mapping of a 
plurality of virtual target storage devices accessible via said initiator network by a 
plurality of client computer systems to said plurality of target storage resources 
accessible via target network (col. 122 lines 5-50). 

As per claim 21, Berger discloses the network media access controlled of 
claim 20 wherein said predefined correspondence is associated with said 
plurality of virtual target storage devices (col. 121 lines 31-42). 

As per claim 22, Berger discloses the network media access controlled of 
claim 21 wherein said network data processor Implements a data packet filter 
(gateway schemas) to selectively provide for the proxy transfer of predetermined 
network protocol data packets (col. 15 lines 17-21). 

As per claim 23, Berger discloses the network media access controller of 
claim 22 wherein said predetermined network protocol data packets conform to 
the iSCSI protocol and wherein said media-level data is SCSI media data (col. 3 
lines 31-43; col.124 lines 15-40). 

As per claim 24, Berger discloses a method of providing secure storage of 
data over a network connection, said method comprising the steps of: 
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a) first processing network data packets, transferred over a network between a 
client computer system (customers/merchants) and a storage system (host), to 
identify predetermined network data packets containing media-level data; 

b) second processing said predetermined network data packets to encrypt the 
media-level data contained in said predetermined network data packets being 
transferred to said storage system and to decrypt the media-level data contained 
in said predetermined network data packets being transferred to said client 
computer system (Abstract; coL4 lines 54-57; col. 14 lines 1-26, 52-58; col.17 
lines 18-30). 

As per claim 25, Berger discloses the method of claim 24 wherein said 
storage system includes a plurality of storage resources and wherein said step of 
first processing determined a target storage resources from a predetermined 
network data packet, said method further comprising the step of selecting an 
encryption key corresponding to said target storage resource for use in 
connection with said second processing step with respect to said predetermined 
network data packet (col.17 lines 53-61; coL14 lines 1-26. 52-58). 

As per claim 26, Berger discloses the method of claim 25 further 
comprising the step of selectively filtering network data packets permitted to be 
transferred over said network between said client computer system and said 
storage system (col.4 lines 54-57). 
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As per claim 27, Berger discloses the method of claim 26 further 
comprising the steps of: 

a) providing a plurality of virtual storage resources as target storage resources 
for said client computer system (col. 121 lines 31-42); and 

b) providing a mapping of said plurality of virtual storage resources to said 
plurality of storage resources wherein said mapping is used in said first 
processing step to transfer network data packets over said network between said 
client computer system and said storage system (col. 122 lines 5-50; col. 17 lines 
53-61). 

As per claim 28, Berger discloses a method of managing the secure 
storage of data in a network attached storage system, said method comprising 
the steps of: 

a) establishing a network storage portal (gateway) through which network 
storage data packets are passed between a client computer system 
(customers/merchants) and a network data store (host/virtual circuit); and 

b) crypto processing, on passage through said network storage portal, media- 
level data contained within network storage data packets to selectively encrypt, 
at said network storage portal, media-level data passed to said network data 
store and selectively encrypt, at said network storage portal, media-level data 
passed from said network data store (Abstract; col.4 lines 54-57; col. 14 lines 1- 
26, 52-58; col.17 lines 18-30). 
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As per claim 29, Berger discloses the method of claim 28 wherein said 
networl^ data store includes a plurality of networit data store resources, said 
method further comprising the step of associating, at said network storage portal, 
media-level data encryption keys with said network data store resources to 
control the encryption and decryption of media-level data passed to and from 
said plurality of network data store resources (col. 14 lines 1-26, 52-58). 

As per claim 30, Berger discloses the method of claim 29 further 
comprising the step of providing, at said network storage portal, for the 
management of a defined key correspondence between said plurality of media- 
level data encryption keys and said plurality of network data store 
resources(col.14 lines 1-26, 52-58). 

As per claim 31, Berger discloses the method of claim 30 further 
comprising the steps of: 

a) presenting, at said network storage portal, a plurality of virtual network data 
storage resources to said client computer system as targets for network storage 
data packets(col.121 lines 31-42); and 

b) mapping, at said network storage portal, said plurality of virtual network data 
store resources to said plurality of network data store resources, wherein said 
step of providing further provides for the management of a defined map 
correspondence between said plurality of virtual network data storage resources 
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to said plurality of network data storage resources (col. 122 lines 5-50; col. 17 
lines 53-61). 

As per claim 32, Berger discloses the method of claim 31 further 
comprising the step of filtering, at said network storage portal, the network 
storage data packets passed between said client computer system and said 
network data store, wherein said step of providing further provides for the 
management of a filter rule set used in said filtering step to determine which 
network storage data packets are passed between said client computer system 
and said network data store (col.4 lines 54-57). (col.15 lines 17-21). 

As per claim 33, Berger discloses the method claim 32 wherein said step 
of providing supports access by a management server to establish said defined 
key correspondence, said defined map, and said filter rule set (col. 30 lines 18-43; 
col.41 lines 1-50; col.122 lines 5-50). 

As per claim 34, Berger discloses a network media access controller 
comprising: 

a) an initiator network interface coupleable through a first network to a client 
initiator (customer/merchant), 

b) a target network interface coupleable through a second network to a storage 
target (host/virtual circuit); and 
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c) a network data processor coupled between said initiator and target networl< 
interfaces, wherein said client initiator and storage target communicate storage 
data over said first and second networks using a data transfer protocol (TCP) 
encapsulated by a (secure) network communications protocol, wherein said data 
transfer protocol provides for the storage and retrieval of media-level data, 
wherein said network data processor is operative to transfer network data 
packets conforming to said network communications protocol between said 
initiator and target network interfaces, said network data processor being further 
operative to selectively encrypt an decrypt media-level data contained within 
network data packets transferred between said initiator and target network 
interfaces (col.1 1 lines 44-67; col. 13 lines 23-36); 

As per claim 35, Berger discloses the network media access controller of 
claim 34 wherein said data transfer protocol is the SCSI protocol (col. 3 lines 31- 
43; col. 124 lines 15-40). 

As per claim 36, Berger discloses the network media access controller of 
claim 35 wherein said network communications protocol is the iSCSI protocol 
(col.3 lines 31-43; col. 124 lines 15-40). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. 
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See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Tamara Teslovich whose telephone number 
is (571) 272-4241. The examiner can normally be reached on Mon-Fri 8-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Emmanuel Moise can be reached on (571) 272-3865. 
The fax phone number for the organization where this application or proceeding 
is assigned is 571-273-8300. 
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Information regarding tfie status of an application may be obtained from 
the Patent Application Infomiation Retrieval (PAIR) system. Status infomiation 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
9199 (IN USA OR CANADA) or 571-272-1000. 




6ILBERT0 BARRON 3^ 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




